pf.os (163621) | pf.os (225452) |
---|---|
1# $FreeBSD: head/etc/pf.os 163621 2006-10-23 05:09:44Z delphij $ 2# $OpenBSD: pf.os,v 1.21 2006/07/28 21:51:12 david Exp $ | 1# $FreeBSD: head/etc/pf.os 225452 2011-09-08 23:46:07Z delphij $ 2# $OpenBSD: pf.os,v 1.25 2010/10/18 15:55:27 deraadt Exp $ |
3# passive OS fingerprinting 4# ------------------------- 5# 6# SYN signatures. Those signatures work for SYN packets only (duh!). 7# 8# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx> 9# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org> 10# --- 283 unchanged lines hidden (view full) --- 29416384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF) 29565535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF) 29665535:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6X (DF) 29732768:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization) 298 299# ----------------- OpenBSD ----------------- 300 30116384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6) | 3# passive OS fingerprinting 4# ------------------------- 5# 6# SYN signatures. Those signatures work for SYN packets only (duh!). 7# 8# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx> 9# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org> 10# --- 283 unchanged lines hidden (view full) --- 29416384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF) 29565535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF) 29665535:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6X (DF) 29732768:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization) 298 299# ----------------- OpenBSD ----------------- 300 30116384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6) |
30216384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0::OpenBSD 3.0-4.0 30316384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:no-df:OpenBSD 3.0-4.0 (scrub no-df) | 30216384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8::OpenBSD 3.0-4.8 30316384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df) |
30457344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0 30557344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df) 306 30765535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera) 308 | 30457344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0 30557344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df) 306 30765535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera) 308 |
30916384:64:1:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9::OpenBSD 4.9 31016384:64:0:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df) 311 |
|
309# ----------------- Solaris ----------------- 310 311S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323 312S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8 313S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7 314 315S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7 316S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1 --- 40 unchanged lines hidden (view full) --- 35716616:255:1:48:M*,N,N,N: MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP) 35832768:255:1:48:M*,W0,N: MacOS:9.0-9.2::MacOS 9.0-9.2 35965535:255:1:48:M*,N,N,N,N: MacOS:9.1::MacOS 9.1 (OT 2.7.4) 360 361 362# ----------------- Windows ----------------- 363 364# Windows TCP/IP stack is a mess. For most recent XP, 2000 and | 312# ----------------- Solaris ----------------- 313 314S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323 315S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8 316S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7 317 318S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7 319S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1 --- 40 unchanged lines hidden (view full) --- 36016616:255:1:48:M*,N,N,N: MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP) 36132768:255:1:48:M*,W0,N: MacOS:9.0-9.2::MacOS 9.0-9.2 36265535:255:1:48:M*,N,N,N,N: MacOS:9.1::MacOS 9.1 (OT 2.7.4) 363 364 365# ----------------- Windows ----------------- 366 367# Windows TCP/IP stack is a mess. For most recent XP, 2000 and |
365# even 98, the pathlevel, not the actual OS version, is more | 368# even 98, the patchlevel, not the actual OS version, is more |
366# relevant to the signature. They share the same code, so it would 367# seem. Luckily for us, almost all Windows 9x boxes have an 368# awkward MSS of 536, which I use to tell one from another 369# in most difficult cases. 370 3718192:32:1:44:M*: Windows:3.11::Windows 3.11 (Tucows) 372S44:64:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95::Windows 95 3738192:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95:b:Windows 95b --- 314 unchanged lines hidden --- | 369# relevant to the signature. They share the same code, so it would 370# seem. Luckily for us, almost all Windows 9x boxes have an 371# awkward MSS of 536, which I use to tell one from another 372# in most difficult cases. 373 3748192:32:1:44:M*: Windows:3.11::Windows 3.11 (Tucows) 375S44:64:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95::Windows 95 3768192:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95:b:Windows 95b --- 314 unchanged lines hidden --- |
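
Review bot: in the OpenBSD block (new lines 302-307) the upper version bound is raised to 4.8 only on the two 16384-window entries, while the 57344-window entries still read `OpenBSD:3.3-4.0` and the 65535 Opera entry still reads `OpenBSD:3.0-4.0`. If those signatures also match releases after 4.0, bump their version field and description in the same change. If they do not, a one-line comment saying so would keep the mismatch from being read as an oversight by anyone writing `os` match rules against these labels.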
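
Review bot: the new OpenBSD 4.9 entries (new lines 309-310) differ from the 3.0-4.8 entries above them only in the window-scale option, `W3` instead of `W0`, and nothing in the file records that. A short comment above the pair stating that the window-scale value is what separates 4.9 from earlier releases would help whoever next extends the range. The pair also covers only the 16384 window size, with no 4.9 counterparts for the 57344 and 65535 (Opera) entries, so it is worth confirming that this is intended.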